b53: fix memory out of bounds access on 64 bit targets

On device reset the sizes for the vlan and port tables were wrongly
calculated based on the pointer size instead of the struct size. This
causes buffer overruns on 64 bit targets, resulting in panics.

Fix this by dereferencing the pointers.

Reported-by: Fedor Konstantinov <[email protected]>
Signed-off-by: Jonas Gorski <[email protected]>

SVN-Revision: 45938
Jonas Gorski 10 years ago
parent
commit
9fbd6d0ba0

+ 2 - 2
target/linux/generic/files/drivers/net/phy/b53/b53_common.c

@@ -803,8 +803,8 @@ static int b53_global_reset_switch(struct switch_dev *dev)
 	priv->enable_jumbo = 0;
 	priv->allow_vid_4095 = 0;
 
-	memset(priv->vlans, 0, sizeof(priv->vlans) * dev->vlans);
-	memset(priv->ports, 0, sizeof(priv->ports) * dev->ports);
+	memset(priv->vlans, 0, sizeof(*priv->vlans) * dev->vlans);
+	memset(priv->ports, 0, sizeof(*priv->ports) * dev->ports);
 
 	return b53_switch_reset(priv);
 }
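
Review bot: The corrected sizes in the two memset() calls, `sizeof(*priv->vlans) * dev->vlans` and `sizeof(*priv->ports) * dev->ports`, are only safe if both buffers were allocated with the same element size and count, and the allocation site is not part of this hunk. Please confirm the allocation uses the identical `sizeof(*ptr) * count` form, since the old `sizeof(priv->vlans)` mistake compiles without a warning and could be repeated there. Also worth a line in the commit message: wherever an element is larger than a pointer, the old code cleared too little rather than too much, so stale VLAN or port state could survive a reset; the message only describes the overrun case.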